This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JeffCote
Explorer
‎2024-08-06 06:00 AM

Web Server error on 81.10.10 Spark Appliance ( 1500, 1600 ) SMP managed

Hi everyone.
Since the 81.10.10 firmware on Quantum Spark appliances ( managed through the Spark Management Platform) several of the firewall i manage get the same type of error.

It begins with error 00362, then after a while, it disconnect from the SMP cloud services and go into Outgoing policies only.

Those firewalls also generate system logs with this entry:

fwobj_get_converted_set_as_string: Conversion failed with error: /usr/local/share/lua/5.1/conversion/convert.lua:0: /usr/local/share/lua/5.1/conversion/convert.lua:0: conversion.convert.handle_match: services in /opt/fw1/conf/objects.conv

Anyone else encountered that ?

Thanks 

0 Kudos
14 Replies
Lesley
Mentor Mentor
Mentor
‎2024-08-06 01:38 PM

Try disconnecting the device from SMP and reconnecting it.

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
the_rock
Legend
Legend
‎2024-08-06 04:40 PM

I would definitely open TAC case for that.

Andy

0 Kudos
JeffCote
Explorer
‎2024-08-07 05:10 AM
In response to the_rock

We opened 3 by now.
But it always ended up with TAC suggesting a factory reset of the appliance.

0 Kudos
JeffCote
Explorer
yesterday
In response to the_rock

We were able to recreate the issue.

Create NAT rules locally on the firewall.
Create access rules for those NAT using the same object you created for the NAT rules.
Create some rules on the Spark Management Platform.
Link the firewall to the Spark Management Platform and wait.
At some point, the platform will push changes to the firewall and the script will create 3 instances of every objects used for the NAT in the database.
This is what create the "cannot write to the database" error, soon after that, the "web server errors" will begin.

0 Kudos
PhoneBoy
Admin
Admin
yesterday
In response to JeffCote

If you can reproduce this, a TAC case will definitely help us resolve this.

0 Kudos
Dafna
Employee
Employee
‎2024-08-06 09:39 PM

HI,

Please open a task.

Is it possible to get access to your gateway via reach my device?

Thanks 

  Dafna

0 Kudos
samadhi
Explorer
‎2024-08-20 10:54 AM

Hi,

I have the same issue with several 1570s using R81.10.10_996002945. We've seen the same issues with all R81.10.10 releases.

Any useful suggestions, other than resetting the appliance to factory defaults ?

PS: Disconnecting from cloud would sometime result in an inaccessible device.

Cheers,
Sam

0 Kudos
the_rock
Legend
Legend
‎2024-08-20 11:51 AM
In response to samadhi

Do you have TAC case opened for the issue?

Andy

0 Kudos
samadhi
Explorer
‎2024-08-20 12:14 PM
In response to the_rock

Hi,

Will be able to open TAC case soonest tomorrow.
Had quite a few TAC cases along the way, after 81.10.10 release. Recommendation received here, repeatedly: resetting to factory defaults or downgrade. The latter was the best option for us, most of the time.

The very last encounter of the issue appeared one hour ago, on a otherwise working device until we created a new Network Object (DHCP reservation for a certain MAC address).

Since device is in production disconnecting from SMP is not an option. Deleting the newly created Network Object had no effect.

Was kinda hoping for a "magic" solution to rebuild the fw rules from CLI. Pushing reapply of current plan from SMP or fetching new rules in SMB UI had no effect.

Thanks,
Sam

0 Kudos
Amir_Ayalon
Employee
Employee
‎2024-08-20 12:26 PM
In response to samadhi

Hi Sam

when opening an SR please ask TAC to open a Task for R&D.

we will look into it.

 

thanks

 

0 Kudos
samadhi
Explorer
‎2024-08-21 06:23 AM
In response to Amir_Ayalon

Hi,

TAC tichet opened: 6-0004036075

Cheers,
Stefan

0 Kudos
the_rock
Legend
Legend
‎2024-08-21 07:31 AM
In response to samadhi

I hope they provide you with something good. I know this can be frustrating situation, as we all always try to avoid rebuilding a fw.

Andy

0 Kudos
JeffCote
Explorer
‎2024-08-27 01:09 PM

Had to open yet ANOTHER ticket since yet ANOTHER of the firewall we manage just had the problem after creating a rule.

Service Request# : 6-0004042344

0 Kudos
vladdar
Participant
yesterday

This is something i have also encountered on R81.10.15. We encountered another bug with cluster of 1800, when the cluter WAN IP stopped responding and all associated VPN tunels (sourced from VIP) also stopped working. R&D was not able to help me as I was not able to replicate the issue on call with them. We tried testing on borrowed Spark 2000 with trial licences for testing purposes but the issue repeated. Then I have tried upgrading the cluster to R81.10.15 and I am seeing same issue as OP. Web server error and this line in /var/log/messages

2025 Feb 11 11:24:27 xxx user.err root: [System error] CODE_SYS_ERROR (8712.149.48) - sys/OSTLORM.lua:48: Failed to connect (Log reference: 1739269467)

P.S.: We are using local management and cluster is not connected to cloud Spark Management

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events